CVE-2017-8217

TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n have too permissive iptables rules, e.g., SNMP is not blocked on any interface.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 47%
VendorProductVersion
tp-linkc2_firmware
𝑥
≤ 0.9.1_4.2_v0032.0_build_160706
tp-linkc20i_firmware
𝑥
≤ 0.9.1_4.2_v0032.0_build_160706
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://pierrekim.github.io/blog/2017-02-09-tplink-c2-and-c20i-vulnerable.html
https://pierrekim.github.io/blog/2017-02-09-tplink-c2-and-c20i-vulnerable.html